[Bug 1314127] Re: Secure Grub2 "edit" menu also secures booting

eolien mrnfake at gmail.com
Tue Apr 29 12:25:48 UTC 2014 

Solved by reading, this two links :

https://www.gnu.org/software/grub/manual/html_node/Security.html

http://daniel-lange.com/archives/75-Securing-the-grub-boot-loader.html

** Changed in: grub2 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1314127

Title:
  Secure Grub2 "edit" menu also secures booting

Status in “grub2” package in Ubuntu:
  Invalid

Bug description:
  On grub2-1.99-21ubuntu3, i followed that procedure to secure only
  "edit" (through pressing "e" when bootloader start) :

  [quote]
  However grub2 uses a newer method, so I'll outline the brief how to here if anyone is interested in password protecting there grub2 with SHA-512 (an NSA algorithm no less)

  First you'll need to type the command:

  grub-mkpasswd-pbkdf2

  Now type in your chosen password...

  Then open up the terminal and type sudo -i to login as root then type:
  gedit /etc/grub.d/00_header

  Now you want to take your new password which will look something like
  the following:

  grub.pbkdf2.sha512.10000.5F60AA485BA2B7EA640974BCDF5722F7600FDAF99AFE6AD8ECA33A1A05E53AB85B8B426E22AC246CC50558807BBA24752CBD61FD04155E26C41307F4AD64C9F7.0BDA015BBD97F09776CB66C90E0D82C2855C297039A1638D28A77FE2DDA3C8B8105C82FB2766FAEF4400647917A82CF3FB4B8E9B43ACBA6439F1E3C9B1A90194

  And use the following code example of how to paste it in at the end of
  the 00_header file under the last line of code so it will look like
  this:

  cat << EOF
  set superusers="putyourusernamehere"
  password putyourusernamehere grub.pbkdf2.sha512.10000.5F60AA485BA2B7EA640974BCDF5722F7600FDAF99AFE6AD8ECA33A1A05E53AB85B8B426E22AC246CC50558807BBA24752CBD61FD04155E26C41307F4AD64C9F7.0BDA015BBD97F09776CB66C90E0D82C2855C297039A1638D28A77FE2DDA3C8B8105C82FB2766FAEF4400647917A82CF3FB4B8E9B43ACBA6439F1E3C9B1A90194
  EOF 

  Now do the command update-grub and your new password policy will be
  enforced and no one but you will know the password to edit your grub2
  config.

  Obviously please use your own user name and passwords, not
  putyourusernamehere and the password provided above as this is only an
  example.

  The code you need at the end of the file is :

  cat << EOF
  set superusers="username"
  password username <that goes here and dont forget the space>
  EOF
  [/quote]

  source : http://crunchbang.org/forums/viewtopic.php?id=13076


  Now, on grub2.02~beta2-9 0, when i follow that, i also need to enter
  my login/password to boot on an entry ! It secures not only editing,
  but booting also.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1314127/+subscriptions

More information about the foundations-bugs mailing list